Forty-one percent of organizations believe usernames and passwords are one of the most effective access management tools–even though most hacking-related breaches are a result of weak, stolen, or reused user credentials, according to a new report.
Although stronger IT security and data protection are increasingly important, the Thales 2020 Access Management Index report finds that 94% of global IT professionals believe data breaches in the past year have been the biggest influence over their organization’s security policies and access management.
Yet, there is a disconnect between security and convenience. Fifty-eight percent of respondents said they allow employees to log onto corporate resources using social media credentials, according to the report.
At the same time, 65% believe unprotected infrastructure presents the biggest targets for cyberattacks. Over half said they think that cloud applications (54%), and/or web portals (54%) are top targets. “This proliferation of targets may be why most (65%) respondents find it easy to sell the need for IT security to the board, an increase from 44% who were finding it easy 12 months ago,” the report noted.
In fact, security concerns and/or the threat of a large-scale breach are prompting organizations to have implemented or plan to implement an access management plan, according to the report.
SEE: Two-factor authentication: A cheat sheet (TechRepublic)
According to those respondents who think that cloud applications are a top target for cyberattackers, the most likely cause for this is the increasing volume of applications in use (59%). “As organizations move more and more processes to cloud, and more cloud applications are adopted, it is essential that each application is properly secured,” the Thales report said.
To help achieve better access control, 95% of organizations surveyed said they have implemented multifactor authentication, but only 15% said they use a dedicated multifactor software product. Fifty-nine percent said they have adopted single sign-on technology, and 86% said they are planning to further expand their use of the technology in the next year.
While there are a variety of access management capabilities available to organizations, the report also found that an on-premises identity access management (IAM) platform is the most popular choice currently among respondents.
“However, the utilization of solutions such as smart [single sign-on] SSO and cloud SSO are set to increase over the course of the next year,” the report stated. “In a world where the need for renewal and increasing complexity of passwords increases the risk of them being forgotten, solutions such as cloud SSO and smart SSO will become more vital for organizations.”
Effective cloud access management is essential for organizations, the report said. “If this is not done, nearly all (97%) respondents anticipate problems for their organization.” Chief among these is IT staff being used less efficiently (53%), cloud becoming a security issue (47%), and an increase in operational overheads and IT costs (45%).
Yet, cloud-based security and authentication also presents challenges for the overwhelming majority (95%) of respondents’ organizations. If left unabated, they may manifest into the challenges that organizations set out to avoid by investing in it. For instance, the overall management by IT of cloud-based security and authentication is seen as a challenge for almost half (47%) of respondents. If unresolved, this could lead to IT’s staff being used less efficiently, the most widely recognized outcome from ineffective cloud access management.
Regardless of how it is protected, effective cloud access management is essential, the report said.
“No matter how an organization views cloud access management, or their experience of it, it is essential if an organization wants to use cloud, with the two inextricably linked – the more you use cloud, the more you have to engage with cloud access management.”
The report included the findings from a survey of 300 IT professionals in the US and Brazil with responsibility for, or influence over, IT and data security, Thales said.